POV-Ray : Newsgroups : povray.off-topic : Privacy Myth : Re: Privacy Myth
  Re: Privacy Myth  
From: Francois Labreque
Date: 7 Apr 2012 08:37:04
Message: <4f8034f0$1@news.povray.org>
On 2012-04-06 00:52, Patrick Elliott wrote:
> On 4/5/2012 6:58 PM, Darren New wrote:
>> On 4/1/2012 8:43, Warp wrote:
>>> (it broke the 50% mark of all email traversing
>>> the internet long time ago)
>>
>> It broke the 90% mark a long time ago.
>>
>>> thwarts any kind of comprehensive automatic
>>> traffic analysis of email (or at least makes it impractical and
>>> expensive).
>>
>> Classifying spam isn't difficult. It's just that ISPs don't want to
>> carry 10x as much email data as they need to, and it's hard to track
>> down the source.
>>
> They could go a long way by changing the protocol so you can't "fake"
> the source,

There are many webhosting services that also offer e-mail with their 
package.  In those cases, the source would always appear fake since the 
source would be "mailrelay.webhostingcompany.com" instead of 
"mail.francoispetgroomingservices.biz"

> and the tracking, with respect to how it got there, is kept,

It is.  Look at the "Received:" lines of the header.

> and correctly reported, so that, even if you changed the supposed start
> point, somehow, it would be more obvious that the source, as it
> traversed the network, wasn't the source being reported.

Internal RFC-1918 addressing and discrepancies between internal DNS vs. 
public DNS names make this impossible.

As an outsider, how can you tell if fred.remoteoffice.mycompany 
(10.2.5.14) and pebbles.datacenter.mycompany (10.254.13.56) are valid 
sources without knowing the internal e-mail architecture of the company?

> Half the time
> email systems consider this information "inconvenient" and actually make
> it hard, or impossible, to even look at, never mind actually tell you
> that there is a discrepancy of any kind.
>
> If the thing comes from a proxy, it's obviously not from wherever it
> was sent from in reality.

There's no such thing as a proxy in e-mail parlance.  Only mail relays. 
  And because most companies and ISPs try to limit the path that e-mails 
take to known and trusted sources, you can't get rid of them.

> Might need some rules on whether it's legal for
> the proxy itself to misrepresent itself as a) not in the chain, or b) a
> different source.

How should a machine with an internal DNS name of 
pebbles.datacenter.mycompany and an IP address of 10.254.13.56 which 
gets natted by the outside firewall to 209.209.209.209 (and which 
resolves to mx.mycompany.com) represent itself?

> But, once it leaves the proxy, there is still, in
> principle, a way to trace back the address, to the server it claims to
> come from,

Not if the server is behind a firewall (which it should be), or if it 
uses RFC-1918 IP addressing (which it should).

> thereby finding that there is no way in hell the trace in the
> email's own path could match with the claimed source (but, that would
> require an automatic traceroute, and even doing that, from some
> machines, won't work in cases like Windows, where generating the packets
> needed in anything other than the control paths is **not allowed**, as a
> possible detected exploit, and where your ISP, modem, or something else,
> is denying those control commands).
>

There are various tricks used by mail relays to try and assert the true 
identity of a mail-relay that contacts them, such as doing DNS lookups 
and reverse lookups to make sure they match the SMTP "HELO" command, 
verifying that the machine is a valid MX record for the domain it claims 
to represent, etc...  But as stated above, these can sometimes prevent 
valid e-mails from small businesses that don't have their own e-mail 
infrastructure from being delivered.

> But, yeah, it's hardly "impossible" to at least figure out where the hell
> it comes from, and probably easier to use something like that, to ferret
> out new "bad" messages, than all the stupid assed, "Lets look at the
> content, then panic when legit mail contains X formatting, and Y list of
> keywords!!!" Hotmail has flagged legit stuff on me, for example, once a
> week, at times, as "possibly dangerous", yet, at almost as much of a
> regular basis, it has failed to flag idiots trying to sell me viagra...
> And, while they suggest to leave the bad emails in there, to better
> handle new bad ones, if you have a good one end up in the trap, you can
> miss it in "page after page" of invalid ones, simply because having one
> good email, on the 50th page, or 800 actual spam messages... really
> isn't a viable solution. It's almost better, if you have fairly low
> volume, to turn the damn spam trap off, and just delete them yourself.

While it would potentially cut down on the phishing e-mails, even if you 
did manage to make sure that the source was real, there's no way to 
programmatically determine if an e-mail that says "get viagra at 80% off" 
that comes from online.farmacia.cr is something you're interested in or not.

-- 
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/*    flabreque    */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/*        @        */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/*   gmail.com     */}camera{orthographic location<6,1.25,-6>look_at a }
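
An added example, not part of the original post: it parses the "Received:" chain of a constructed message built from the post's hostnames and runs the HELO versus reverse/forward DNS check the post describes against constructed lookup tables instead of live DNS. `mx.recipient.example`, the address 198.51.100.7 and both lookup tables are assumptions made for the illustration.

```python
import email
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)\s+by\s+(\S+)")

# Constructed message: newest hop on top, as real relays prepend Received: lines.
RAW = (
    "Received: from pebbles.datacenter.mycompany (mx.mycompany.com [209.209.209.209])\n"
    "\tby mx.recipient.example with ESMTP; Sat, 7 Apr 2012 08:37:10 -0400\n"
    "Received: from fred.remoteoffice.mycompany (unknown [10.2.5.14])\n"
    "\tby pebbles.datacenter.mycompany with ESMTP; Sat, 7 Apr 2012 08:37:04 -0400\n"
    "From: someone@mycompany.com\n"
    "Subject: constructed example\n\nbody\n"
)

# Constructed stand-ins for public DNS: PTR (address -> name), A (name -> addresses).
PTR = {"209.209.209.209": "mx.mycompany.com",
       "198.51.100.7": "mailrelay.webhostingcompany.com"}
A = {"mx.mycompany.com": ["209.209.209.209"],
     "mailrelay.webhostingcompany.com": ["198.51.100.7"]}

def hops(raw):
    """Return the relay hops oldest first; 'internal' marks RFC 1918 peers,
    which an outside receiver has no way to verify."""
    out = []
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if m:
            helo, rdns, ip, by = m.groups()
            internal = any(ipaddress.ip_address(ip) in net for net in RFC1918)
            out.append({"helo": helo, "rdns": rdns, "ip": ip,
                        "by": by, "internal": internal})
    return out

def helo_check(helo, ip, ptr=PTR, a=A):
    """True if PTR(ip) equals the HELO name and that name resolves back to ip."""
    name = ptr.get(ip)
    return (name is not None and name.lower() == helo.lower()
            and ip in a.get(name, []))

if __name__ == "__main__":
    for h in hops(RAW):
        status = "unverifiable (RFC 1918)" if h["internal"] else \
                 "HELO ok" if helo_check(h["helo"], h["ip"]) else "HELO mismatch"
        print(f'{h["helo"]} [{h["ip"]}] -> {h["by"]}: {status}')
```

The legitimate relay that announces its internal name fails the check, as does a small business sending through its hosting company's relay; both are the false positives the post warns about.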



Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.